GRAPELOADER is a malware used in the initial stages of an infection to collect system data, prep the device for further infiltration, and carry it out (i.e., download/install additional payloads). This malicious program has been used in a campaign that began in January 2025. This activity has bee
Our research team found the agwaravocaed.co[.]in rogue page while investigating suspicious websites. Upon examination, we determined that this webpage endorses browser notification spam and redirects visitors to other (likely unreliable/harmful) sites. The majority of visitors to agwaravocaed.co[
Our inspection of the "Service Desk" email revealed that it is spam. It claims that multiple messages failed to reach the recipient's inbox due to a server error that has already been addressed. By attempting to review the pending emails, the recipient is tricked into disclosing their account log-
While browsing dubious websites, our researchers discovered this fake "Claim Empyreal (EMP)" webpage. It imitates the Empyreal (empyrealsdk.com) platform and lures users with an airdrop of unclaimed tokens. The purpose of this scam is to trick victims into exposing their digital wallets to a crypt
After examining this "Someone Entered Correct Password For Your Account" email, we determined that it is spam. The message claims there was a sign-in attempt to the recipient's account using their actual password. The recipient is urged to investigate this activity – thus, they are lured into disc
During our inspection of WatchThisOnline, we found that the app is supposed to provide users with daily streaming updates. In reality, it provides little to no real value and may have malicious functionalities. Thus, we classified WatchThisOnline as an unwanted application. Users should avoid inst
CrypteVex is a ransomware-type program. Malware within this classification is designed to encrypt data and demand payment for its decryption. After we executed CrypteVex on our test machine, it displayed a pop-up window. The malware encrypted files and appended their names with a ".cryptevex" ext
Our examination of the email has shown that it is a phishing email designed to trick recipients into sharing personal information with scammers. This deceptive email contains a link to a fake website where unsuspecting users are requested to enter login credentials. This and similar emails should
Qilra is ransomware that we discovered while inspecting samples submitted to VirusTotal. Our analysis has shown that Qilra encrypts files, appends the ".qilra" extension to files, and generates a ransom note ("RESTORE-MY-FILES.TXT"). An example of how the ransomware changes filenames: it renames "
Our team has inspected wexprotocol.co[.]in and discovered that its purpose is to trick visitors into agreeing to receive notifications from it. Once the page has permission to show notifications, it delivers fake warnings and similar messages. Thus, wexprotocol.co[.]in should not be trusted (and n